
Example 21 with Access

Use of org.apache.druid.server.security.Access in project druid by druid-io.

Class RangerDruidAccessRequest, method authorize.

@Override
public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
    if (authenticationResult == null) {
        throw new IAE("authenticationResult is null where it should never be.");
    }
    Set<String> userGroups = null;
    if (useUgi) {
        UserGroupInformation ugi = UserGroupInformation.createRemoteUser(authenticationResult.getIdentity());
        String[] groups = ugi != null ? ugi.getGroupNames() : null;
        if (groups != null && groups.length > 0) {
            userGroups = new HashSet<>(Arrays.asList(groups));
        }
    }
    RangerDruidResource rangerDruidResource = new RangerDruidResource(resource);
    RangerDruidAccessRequest request = new RangerDruidAccessRequest(rangerDruidResource, authenticationResult.getIdentity(), userGroups, action);
    RangerAccessResult result = rangerPlugin.isAccessAllowed(request);
    if (log.isDebugEnabled()) {
        log.debug("==> authorize: %s, allowed: %s", request.toString(), result != null ? result.getIsAllowed() : null);
    }
    // Fail closed: a null result and an explicit deny from Ranger both map to a denial.
    if (result != null && result.getIsAllowed()) {
        return new Access(true);
    }
    return new Access(false);
}
Also used: Access (org.apache.druid.server.security.Access), RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult), IAE (org.apache.druid.java.util.common.IAE), UserGroupInformation (org.apache.hadoop.security.UserGroupInformation)

Example 22 with Access

Use of org.apache.druid.server.security.Access in project druid by druid-io.

Class BasicRoleBasedAuthorizerTest, method testAuth.

@Test
public void testAuth() {
    updater.createUser(DB_AUTHORIZER_NAME, "druid");
    updater.createRole(DB_AUTHORIZER_NAME, "druidRole");
    updater.assignUserRole(DB_AUTHORIZER_NAME, "druid", "druidRole");
    List<ResourceAction> permissions = Collections.singletonList(new ResourceAction(new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE));
    updater.setPermissions(DB_AUTHORIZER_NAME, "druidRole", permissions);
    AuthenticationResult authenticationResult = new AuthenticationResult("druid", "druid", null, null);
    Access access = authorizer.authorize(authenticationResult, new Resource("testResource", ResourceType.DATASOURCE), Action.WRITE);
    Assert.assertTrue(access.isAllowed());
    access = authorizer.authorize(authenticationResult, new Resource("wrongResource", ResourceType.DATASOURCE), Action.WRITE);
    Assert.assertFalse(access.isAllowed());
}
Also used: Resource (org.apache.druid.server.security.Resource), Access (org.apache.druid.server.security.Access), ResourceAction (org.apache.druid.server.security.ResourceAction), AuthenticationResult (org.apache.druid.server.security.AuthenticationResult), Test (org.junit.Test)

Example 23 with Access

Use of org.apache.druid.server.security.Access in project druid by druid-io.

Class BasicRoleBasedAuthorizer, method authorize.

@Override
@SuppressWarnings("unchecked")
public Access authorize(AuthenticationResult authenticationResult, Resource resource, Action action) {
    if (authenticationResult == null) {
        throw new IAE("authenticationResult is null where it should never be.");
    }
    Set<String> roleNames = new HashSet<>(roleProvider.getRoles(name, authenticationResult));
    Map<String, BasicAuthorizerRole> roleMap = roleProvider.getRoleMap(name);
    // An identity with no roles is denied before the role map is consulted.
    if (roleNames.isEmpty()) {
        return new Access(false);
    }
    if (roleMap == null) {
        throw new IAE("Could not load roleMap for authorizer [%s]", name);
    }
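    // Allow on the first permission, in any of the identity's roles, that matches the
    // resource and action; role names missing from the map are skipped. Otherwise deny.
    for (String roleName : roleNames) {
        BasicAuthorizerRole role = roleMap.get(roleName);
        if (role != null) {
            for (BasicAuthorizerPermission permission : role.getPermissions()) {
                if (permissionCheck(resource, action, permission)) {
                    return new Access(true);
                }
            }
        }
    }
    return new Access(false);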
}
Also used: Access (org.apache.druid.server.security.Access), BasicAuthorizerRole (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerRole), IAE (org.apache.druid.java.util.common.IAE), BasicAuthorizerPermission (org.apache.druid.security.basic.authorization.entity.BasicAuthorizerPermission), HashSet (java.util.HashSet)

Example 24 with Access

Use of org.apache.druid.server.security.Access in project druid by druid-io.

Class ConfigResourceFilter, method filter.

@Override
public ContainerRequest filter(ContainerRequest request) {
    final ResourceAction resourceAction = new ResourceAction(new Resource("CONFIG", ResourceType.CONFIG), getAction(request));
    final Access authResult = AuthorizationUtils.authorizeResourceAction(getReq(), resourceAction, getAuthorizerMapper());
    // Reject the request in the filter when the CONFIG resource action is not authorized.
    if (!authResult.isAllowed()) {
        throw new ForbiddenException(authResult.toString());
    }
    return request;
}
Also used: ForbiddenException (org.apache.druid.server.security.ForbiddenException), Resource (org.apache.druid.server.security.Resource), Access (org.apache.druid.server.security.Access), ResourceAction (org.apache.druid.server.security.ResourceAction)

Example 25 with Access

Use of org.apache.druid.server.security.Access in project druid by druid-io.

Class DatasourceResourceFilter, method filter.

@Override
public ContainerRequest filter(ContainerRequest request) {
    final ResourceAction resourceAction = new ResourceAction(new Resource(getRequestDatasourceName(request), ResourceType.DATASOURCE), getAction(request));
    final Access authResult = AuthorizationUtils.authorizeResourceAction(getReq(), resourceAction, getAuthorizerMapper());
    // Reject the request in the filter when the action on the requested datasource is not authorized.
    if (!authResult.isAllowed()) {
        throw new ForbiddenException(authResult.toString());
    }
    return request;
}
Also used: ForbiddenException (org.apache.druid.server.security.ForbiddenException), Resource (org.apache.druid.server.security.Resource), Access (org.apache.druid.server.security.Access), ResourceAction (org.apache.druid.server.security.ResourceAction)

Aggregations

Access (org.apache.druid.server.security.Access): 35
Resource (org.apache.druid.server.security.Resource): 22
ForbiddenException (org.apache.druid.server.security.ForbiddenException): 18
ResourceAction (org.apache.druid.server.security.ResourceAction): 18
AuthenticationResult (org.apache.druid.server.security.AuthenticationResult): 15
Test (org.junit.Test): 11
Response (javax.ws.rs.core.Response): 8
Action (org.apache.druid.server.security.Action): 8
Authorizer (org.apache.druid.server.security.Authorizer): 8
AuthorizerMapper (org.apache.druid.server.security.AuthorizerMapper): 8
Produces (javax.ws.rs.Produces): 7
List (java.util.List): 5
Consumes (javax.ws.rs.Consumes): 5
POST (javax.ws.rs.POST): 5
Path (javax.ws.rs.Path): 5
WebApplicationException (javax.ws.rs.WebApplicationException): 5
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 4
HashMap (java.util.HashMap): 4
Set (java.util.Set): 4
HttpServletRequest (javax.servlet.http.HttpServletRequest): 4